Commit 77610b14 authored by Roger Shimizu's avatar Roger Shimizu

test

parent 7b097f1d
From: Justus Winter <justus@g10code.com>
Date: Tue, 13 Jun 2017 15:35:01 +0200
Subject: gpg: Check and fix keys on import.
* doc/gpg.texi: Document the new import option.
* g10/gpg.c (main): Make the new option default to yes.
* g10/import.c (parse_import_options): Parse the new option.
(import_one): Act on the new option.
* g10/options.h (IMPORT_REPAIR_KEYS): New macro.
GnuPG-bug-id: 2236
Signed-off-by: Justus Winter <justus@g10code.com>
(cherry picked from commit 9b12b45aa5e67d4d422bf75a3879df1d52dbe67f)
---
doc/gpg.texi | 4 ++++
g10/gpg.c | 5 +++--
g10/import.c | 10 +++++++++-
g10/options.h | 1 +
4 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/doc/gpg.texi b/doc/gpg.texi
index a7d78c4..1cb754e 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -2287,6 +2287,10 @@ opposite meaning. The options are:
on the keyring. This option is the same as running the @option{--edit-key}
command "clean" after import. Defaults to no.
+ @item repair-keys. After import, fix various problems with the
+ keys. For example, this reorders signatures, and strips duplicate
+ signatures. Defaults to yes.
+
@item import-minimal
Import the smallest key possible. This removes all signatures except
the most recent self-signature on each user ID. This option is the
diff --git a/g10/gpg.c b/g10/gpg.c
index 5a880fd..a6a2e05 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2364,9 +2364,10 @@ main (int argc, char **argv)
opt.max_cert_depth = 5;
opt.escape_from = 1;
opt.flags.require_cross_cert = 1;
- opt.import_options = 0;
+ opt.import_options = IMPORT_REPAIR_KEYS;
opt.export_options = EXPORT_ATTRIBUTES;
- opt.keyserver_options.import_options = IMPORT_REPAIR_PKS_SUBKEY_BUG;
+ opt.keyserver_options.import_options = (IMPORT_REPAIR_KEYS
+ | IMPORT_REPAIR_PKS_SUBKEY_BUG);
opt.keyserver_options.export_options = EXPORT_ATTRIBUTES;
opt.keyserver_options.options = KEYSERVER_HONOR_PKA_RECORD;
opt.verify_options = (LIST_SHOW_UID_VALIDITY
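Review bot: Both default masks in main now carry `IMPORT_REPAIR_KEYS`, so the repair pass also runs on every keyserver import, where the keyblock is untrusted and may carry a very large number of signatures. If key_check_all_keysigs verifies each signature (not visible here), import cost grows with whatever the remote side sends, and the only opt-out is a negated import option. A comment above the assignment would record that this is deliberate, for example `/* Repair on import by default, including keyserver fetches; cost scales with the number of signatures. */`. The body of main continues outside this hunk.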
diff --git a/g10/import.c b/g10/import.c
index 125b994..762b02c 100644
--- a/g10/import.c
+++ b/g10/import.c
@@ -41,6 +41,7 @@
#include "../common/membuf.h"
#include "../common/init.h"
#include "../common/mbox-util.h"
+#include "key-check.h"
struct import_stats_s
@@ -179,6 +180,9 @@ parse_import_options(char *str,unsigned int *options,int noisy)
N_("assume the GnuPG key backup format")},
{"import-restore", IMPORT_RESTORE, NULL, NULL},
+ {"repair-keys", IMPORT_REPAIR_KEYS, NULL,
+ N_("repair keys on import")},
+
/* Aliases for backward compatibility */
{"allow-local-sigs",IMPORT_LOCAL_SIGS,NULL,NULL},
{"repair-hkp-subkey-bug",IMPORT_REPAIR_PKS_SUBKEY_BUG,NULL,NULL},
@@ -1434,7 +1438,11 @@ import_one (ctrl_t ctrl,
log_info (_("key %s: PKS subkey corruption repaired\n"),
keystr_from_pk(pk));
- if (chk_self_sigs (keyblock, keyid, &non_self))
+ if ((options & IMPORT_REPAIR_KEYS))
+ key_check_all_keysigs (ctrl, keyblock, 0, 0);
+
+// if (chk_self_sigs (keyblock, keyid, &non_self))
+ if (chk_self_sigs (ctrl, keyblock, keyid, &non_self))
return 0; /* Invalid keyblock - error already printed. */
/* If we allow such a thing, mark unsigned uids as valid */
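Review bot: The return value of `key_check_all_keysigs (ctrl, keyblock, 0, 0);` is discarded in import_one, so the keyblock can be rewritten before `chk_self_sigs` validates it without any trace in the import log. If the function reports whether it changed the keyblock (its declaration is not visible here), log that, e.g. `if (key_check_all_keysigs (ctrl, keyblock, 0, 0)) log_info ("key %s: keyblock repaired\n", keystr_from_pk (pk));`, and add a short comment saying what the two literal `0` arguments select. The leftover `// if (chk_self_sigs (keyblock, keyid, &non_self))` should be dropped. It is dead code, and it obscures that this backport also adds `ctrl` to the `chk_self_sigs` call, which the commit message does not mention and which needs a matching prototype elsewhere in the series. import_one starts and ends outside this hunk.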
diff --git a/g10/options.h b/g10/options.h
index 88a8f32..ff09709 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -350,6 +350,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define IMPORT_KEEP_OWNERTTRUST (1<<8)
#define IMPORT_EXPORT (1<<9)
#define IMPORT_RESTORE (1<<10)
+#define IMPORT_REPAIR_KEYS (1<<11)
#define EXPORT_LOCAL_SIGS (1<<0)
#define EXPORT_ATTRIBUTES (1<<1)
......@@ -81,3 +81,5 @@ update-crypto-defaults/0080-gpgsm-default-to-3072-bit-keys.patch
update-crypto-defaults/0081-gpg-default-to-3072-bit-RSA-keys.patch
update-crypto-defaults/0082-gpg-default-to-AES-256.patch
0083-dirmngr-Implement-querying-nameservers-over-IPv6.patch
0084-gpg-Refactor-key-checking-and-fixing.patch
0085-gpg-Check-and-fix-keys-on-import.patch